OCPBUGS-85370: Raise OpenStack operator watch limits

[mandre]

OpenStack limits were significantly lower (often 40-60% of other platforms), causing potential false positives. Raise each operator's limit to the average of the other platforms (AWS, Azure, GCP, BareMetal, vSphere). Also remove vmware-vsphere-csi-driver-operator and vsphere-problem-detector-operator entries that were incorrectly present in the OpenStack section.

Summary by CodeRabbit

• Chores
  • Updated audit watch limits for multiple operators in OpenStack-based Highly Available deployments, including authentication, cluster, DNS, ingress, and Prometheus operators.
  • Removed audit watch limit configurations for storage-related operators in OpenStack environments.

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: automatic mode

[openshift-ci-robot]

@mandre: This pull request references Jira Issue OCPBUGS-85370, which is invalid:

• expected the bug to target the "5.0.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

OpenStack limits were significantly lower (often 40-60% of other platforms), causing potential false positives. Raise each operator's limit to the average of the other platforms (AWS, Azure, GCP, BareMetal, vSphere). Also remove vmware-vsphere-csi-driver-operator and vsphere-problem-detector-operator entries that were incorrectly present in the OpenStack section.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[mandre]

/jira refresh

[openshift-ci-robot]

@mandre: This pull request references Jira Issue OCPBUGS-85370, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (5.0.0) matches configured target version for branch (5.0.0)
• bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: bb365427-ed53-458a-a316-f492266d1a99

📥 Commits

Reviewing files that changed from the base of the PR and between 2687da8 and 647174f.

📒 Files selected for processing (1)

• pkg/monitortests/kubeapiserver/auditloganalyzer/operator_watch_limits.json

---

Walkthrough

This PR updates audit log analyzer configuration data for Kubernetes API server operator watch limits in the HighlyAvailable deployment targeting OpenStack, changing numeric limits for multiple operators and removing two operators from the OpenStack configuration set.

Changes

Operator Watch Limits Configuration

Layer / File(s)

Summary

Configuration Data pkg/monitortests/kubeapiserver/auditloganalyzer/operator_watch_limits.json

Watch limit values for operators in HighlyAvailable → OpenStack are updated (e.g., authentication-operator, cloud-credential-operator, cluster operators, console-operator, dns-operator, ingress-operator, kube-apiserver-operator, kube-controller-manager-operator, machine-api-operator, openshift-*, prometheus-operator, service-ca-operator). vmware-vsphere-csi-driver-operator and vsphere-problem-detector-operator are removed from this block.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 12

✅ Passed checks (12 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and clearly summarizes the main change: raising OpenStack operator watch limits, which is the primary objective of the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR modifies JSON configuration and includes Ginkgo tests with stable, deterministic names. No unstable test names with dynamic content were found.
Test Structure And Quality	✅ Passed	Check not applicable. This PR modifies only operator_watch_limits.json (static data), not Ginkgo test code. The check for test code quality is out of scope.
Microshift Test Compatibility	✅ Passed	PR modifies only JSON config file (operator_watch_limits.json) with OpenStack audit watch limits. No Ginkgo e2e tests added, so check is not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR does not add any new Ginkgo e2e tests. It only modifies static JSON configuration data for operator watch limits. The custom check for SNO test compatibility is not applicable.
Topology-Aware Scheduling Compatibility	✅ Passed	PR modifies only test data (operator_watch_limits.json), not deployment manifests, operator code, or scheduling constraints. Custom check does not apply.
Ote Binary Stdout Contract	✅ Passed	All output in main() is directed to stderr. fmt.Fprintln and fmt.Fprintf explicitly use os.Stderr. Logging configured for stderr. No stdout writes in process-level code.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR modifies only static JSON configuration data with no new Ginkgo e2e tests. The check is inapplicable.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci-robot]

@mandre: This pull request references Jira Issue OCPBUGS-85370, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (5.0.0) matches configured target version for branch (5.0.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Details

In response to this:

OpenStack limits were significantly lower (often 40-60% of other platforms), causing potential false positives. Raise each operator's limit to the average of the other platforms (AWS, Azure, GCP, BareMetal, vSphere). Also remove vmware-vsphere-csi-driver-operator and vsphere-problem-detector-operator entries that were incorrectly present in the OpenStack section.

Summary by CodeRabbit

• Chores
• Updated audit watch limits for multiple operators in OpenStack-based Highly Available deployments, including authentication, cluster, DNS, ingress, and Prometheus operators.
• Removed audit watch limit configurations for storage-related operators in OpenStack environments.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[mandre]

@dgoodwin any idea why all limits were updated in 433e8a5 except for the OpenStack ones?

Looking at the whole PR (#30750), I don't see anything that would exclude OpenStack.

[openshift-merge-bot]

Scheduling required tests:
/test e2e-aws-csi
/test e2e-aws-ovn-fips
/test e2e-aws-ovn-microshift
/test e2e-aws-ovn-microshift-serial
/test e2e-aws-ovn-serial-1of2
/test e2e-aws-ovn-serial-2of2
/test e2e-gcp-csi
/test e2e-gcp-ovn
/test e2e-gcp-ovn-upgrade
/test e2e-metal-ipi-ovn-ipv6
/test e2e-vsphere-ovn
/test e2e-vsphere-ovn-upi

[stephenfin]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: mandre, stephenfin
Once this PR has been reviewed and has the lgtm label, please assign sosiouxme for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@mandre: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.